The Security Podcast of Silicon Valley

In this thought-provoking episode of a YSecurity.io production, we welcome Michael Brooks, the Chief Information Security Officer at Trava, to dissect the complex world of cyber risk, ransomware attacks, business preparedness, and risk management strategies. Michael brings a wealth of knowledge and experience, offering deep insights into the foundational challenges and strategic imperatives of cybersecurity.

At the heart of our discussion is the critical importance of data security. Michael prompts us to consider the intrinsic value of our data, urging businesses to reflect on whether they can operate without certain datasets. This perspective shifts the conversation from theoretical security measures to practical, business-critical imperatives. It's not just about protecting data for the sake of compliance or fear of breaches, but recognizing data as the lifeblood of modern business operations.

Michael delves into the anatomy of ransomware attacks, shedding light on the tactics used by attackers and the vulnerabilities they exploit. He emphasizes the need for businesses to not only fortify their defenses but also to cultivate a deep understanding of their risk profile. This involves identifying which data sets are vital for business continuity and ensuring they are adequately protected against potential threats.

The conversation also explores the broader landscape of cyber risk management, highlighting the importance of preparedness and resilience. Michael shares strategies for businesses to assess their vulnerabilities, implement robust security protocols, and develop incident response plans. He stresses that risk management is not a one-size-fits-all solution but requires a tailored approach that aligns with the unique needs and risk tolerance of each organization.

Listeners will gain practical advice on enhancing their cybersecurity posture, from the technicalities of safeguarding against ransomware to the nuances of cyber risk management. Michael's insights underscore the significance of understanding the value of data and the critical role it plays in determining security priorities.

Join us for an engaging and enlightening conversation with Michael Brooks on navigating the complexities of cyber risk and the pivotal steps businesses can take to ensure their data—and by extension, their operations—are secure. Whether you're a cybersecurity professional, a business leader, or simply interested in the dynamics of digital security, this episode offers valuable perspectives on protecting what matters most in the digital age.

In this episode of a YSecurity.io production, we sit down with Prakash Darji, General Manager of the Digital Experience Business Unit at Pure Storage, for an insightful conversation about the evolving landscape of storage and security. Prakash brings a wealth of knowledge and experience to the table, offering a glimpse into the future of these critical technology sectors as envisioned by one of the industry's leaders.

The discussion kicks off with an exploration of Pure Storage's strategic acquisition of Portworx, a move that underscores the company's commitment to leading in the storage and security domains. Prakash elaborates on how this acquisition enhances Pure Storage's offerings, particularly in addressing the complex needs of containerized applications and cloud-native technologies, which are at the forefront of digital transformation efforts across industries.

Prakash then delves into the pressing issue of ransomware, sharing valuable insights into how businesses can bolster their defenses and recover quickly from such attacks. He emphasizes the importance of resilience and preparedness, highlighting innovative solutions and best practices that Pure Storage offers to help organizations mitigate risks and minimize the impact of security breaches.

Listeners will be treated to Prakash's forward-looking perspectives on the future of storage and security. He discusses emerging trends, the increasing integration of AI and machine learning technologies, and the critical role of advanced storage solutions in securing and managing the exponentially growing volumes of data generated by modern digital activities.

This conversation is not just about understanding the current state of storage and security; it's an invitation to think about the future possibilities and the strategic moves companies like Pure Storage are making to address the challenges and opportunities ahead.

Join us for a lively and informative discussion with Prakash Darji on the future of storage and security. Whether you're a tech enthusiast, a professional in the IT sector, or someone keen on understanding the directions in which these essential technology pillars are heading, this episode offers a comprehensive overview of what lies on the horizon.

Join me for an interview with Leigh Honeywell. As founder and CEO of Tall Poppy, she's building tools and services to help companies protect their employees from online harassment and abuse.

Together, we share many vulnerable and authentic moments as we explore online harassment, abuse, and how Tall Poppy helps humans navigate difficult situations while still building a thriving business that makes the web better for all of us.

An interview with Wesley Belleman, Cyber Warfare Operator at the California Air National Guard and System Engineer at Palo Alto Networks, and his journey through Security Operations in the United Space Space Force.

In this episode, we dive into what a SOC is, how new technology changes our ability to respond to threats, and what the open problems are still open. We explore the cultural differences between civilian and military security operations and discuss various open-source projects such as Security Onion or MITRE Att&ck that can be used to build your own SOC. 

So what will the future of SOC's look like? Wes echo's Anton Chuvakin predictions that SOC's will be entirely automated, likely within our lifetimes, but not soon.

An interview with Daniel Feldman, Cloud Security Architect at HPE (formerly Scytale.io), as we discuss his journey through service authentication with the open standard SPIFFE and the implementation SPIRE.

In this episode, Daniel tells the story of how he came across this problem of authentication at Veritas Technologies, why he joined a small startup Scytale.io to continue focusing on his security journey, and touch on what it's like at Hewlett Packard Enterprise. We end on a forward-looking note on what the future of cloud security might look like, with many challenging and open cloud security problems out there.

Daniel is happy to meet others with similar interests and experiences, so in that spirit, he is open to connecting and sharing stories and ideas. He can be reached on LinkedIn or Twitter as d_feldman.

An interview with Andrew Gontarczyk, Chief Information Security Officer at Pure Storage, on the challenges of building a security team.

When is the right time for a company to build a security team? What types of Security Teams are there (Product Security, Infrastructure Security, DevSecOps, Red Team, Blue Team, Purple Teams), and what do they do? As a security leader, how do you influence the rest of a company towards a more secure posture? What are your favorite interview questions, and why? What role does diversity play in your team building? What's your leadership style? Even with a security team in place, what still keeps you up at night?

Join me for an interview with Anand Ganesh, Founding Software Architect at Hammerspace, to discuss how storageless data solves traditional B2B storage security problems.
 
What is storageless data? How does Hammerspace encrypt data at rest? How do disaster recovery, backup, and snapshot data protection mechanisms work in Hammerspace?  Why does data-as-a-service eliminate the need for fail-overs (passive-to-active transitions)? How do permissions work? How does intelligent data classification work in Hammerspace? How does Hammerspace help a customer recover from a ransomware attack? Do we have to trust our storage vendors such as AWS, Google, Azure, or even on-prem data centers? How do you securely delete data in a globally distributed system, like Hammerspace?